{% extends "nomcom/nomcom_private_base.html" %}
{# Copyright The IETF Trust 2015, All Rights Reserved #}
{% load origin %}
{% load django_bootstrap5 %}
{% load ietf_filters %}
{% block subtitle %}- Configuration Help{% endblock %}
{% block nomcom_content %}
    {% origin %}
    <div id="instructions">
        <h2 class="mt-3">Help for Configuring a New NomCom</h2>
        <h3 class="mt-4" id="keys">Generate a keypair for the nomcom</h3>
        <p>
            The Datatracker uses a public/private keypair to encrypt any feedback entered by the community
            before storing it in the database. Only persons with the private key can view this feedback.
            The private key is provided by using a datatracker page to store a blowfish-encrypted cookie in a browser session.
            The blowfish-encrypted private key is sent to the server and used to decrypt feedback.  The private key is never
            stored on the server, but if the server is compromised, it would be possible for an attacker to grab the private key
            by modifying the datatracker code. The NomCom chair generates the keypair for each NomCom and manages its secure
            distribution.
        </p>
        <p>
            To generate the keypair:
        </p>
        <ol>
            <li>
                Create a config file for openssl, named <code>nomcom-config.cnf</code>, with the following contents:
                <pre class="border p-3 my-3">[ req ]
distinguished_name = req_distinguished_name
string_mask        = utf8only
x509_extensions    = ss_v3_ca

[ req_distinguished_name ]
commonName           = Common Name (e.g. NomComYY)
commonName_default   = NomCom{{year}}

[ ss_v3_ca ]

subjectKeyIdentifier = hash
keyUsage = critical, digitalSignature, keyEncipherment, dataEncipherment
basicConstraints = critical, CA:true
subjectAltName = email:nomcom{{year}}@ietf.org
extendedKeyUsage= emailProtection</pre>
            </li>
            <li>
                Generate a private key and corresponding certificate:<br>
                <code>openssl req -config nomcom-config.cnf -x509 -new -newkey rsa:2048 -sha256 -days 730 -nodes -keyout privateKey-nomcom{{year}}.pem -out nomcom{{year}}.cert</code>
                <br>
                (Just press <kbd>Enter</kbd> when presented with <code>Common Name (e.g. NomComYY) [NomCom15]:</code>)
            </li>
        </ol>
        <p>
            You will upload the certificate to the datatracker (and make it available to people wishing to send mail) in the steps below.
        </p>
        <p>
            Securely distribute <code>privateKey-nomcom{{ year }}</code> to your NomCom advisor(s), liaisons, and members, as they become known.
        </p>
        <h3 class="mt-4" id="configure">Configure the Datatracker NomCom</h3>
        <p>
            Sign into the datatracker and go to the
            <a href="{% url 'ietf.nomcom.views.edit_nomcom' year %}">NomCom Settings Page</a>.
        </p>
        <p>
            Use the Browse button to select the public <code>nomcom{{ year }}.cert</code> file created above.
        </p>
        <p>
            Enter any special instructions you want to appear on the nomination entry form in the "Help text for nomination form" box. These will appear on the form immediately below the field labeled "Candidate's qualifications for the position".
        </p>
        <p>
            Choose whether to have the datatracker send questionnaires, and whether to automatically remind people to accept nominations and return questionnaires, according to the instructions on the form.
        </p>
        <p>
            Press the save button.
        </p>
        <p>
            You can return to this page and change your mind on any of the settings, even towards the end of your nomcom cycle. However, be wary of uploading a new public key once one feedback has been received. That step should only be taken in the case of a compromised keypair. Old feedback will remain encrypted with the old key, and will not be accessible through the datatracker.
        </p>
        <h3 class="mt-4" id="positions">Configure the Positions to be filled</h3>
        <p>
            Add the positions this NomCom needs to fill.
        </p>
        <p>
            Only create one Position for those roles having multiple seats to fill,
            such as the IAB, or the IESG areas where multiple ADs in that area are at the end of their term.
        </p>
        <p>
            Note the "Is open", "Accepting nominations", and "Accepting feedback" checkboxes. Set "Is open" to True when your NomCom is working on filling the position, and set it to false once filling it has been confirmed. When "Is open" is True, the Position will appear on the public Nomination and Feedback pages depending on the value of "Accepting nominations" and "Accepting feedback". The Position will appear on the private feedback pages (those the NomCom can use to enter data) even if "Accepting nominations" or "Accepting feedback" is False.
        </p>
        <p>
            When you create a new position, you will typically set "Is Open" to True immediately. After you edit the templates for the position and are ready for the community to provide nominations and feedback, set the "Accepting nominations" and "Accepting feedback" values to True.
        </p>
        <p>
            You might need to close some positions and open others as your NomCom progresses. For example, the 2014 NomCom was called back after it had finished work on its usual selections to fill a IAOC position that had been vacated mid-term. The 2016 NomCom had a second ART AD position to fill after deciding to move an incumbent to the IETF chair position. In both cases, the best path to follow was to create a new Position. Before making the call for nominations and feedback for this additional position, ensure the already filled positions are marked as not open. Then, only the new positions would be available on the Nomination and Feedback pages.
        </p>
        <h3 class="mt-4" id="templates">Customize the web-form and email templates</h3>
        <p>
            Edit each of the templates at {% url 'ietf.nomcom.views.list_templates' year %}. The "Home page of group" template is where to put information about the current NomCom members and policies. It is also a good place to list incumbents in positions, and information about whether the incumbents will stand again. See the home page of past NomComs for examples.
        </p>
        <h3 class="mt-4" id="test">Test the results</h3>
        <p>
            Before advertising that your NomCom pages are ready for the community to use, test your configuration. Create a dummy nominee for at least one position, and give it some feedback. You will be able to move this out of the way later. Once you've marked positions as open, ask your NomCom members to look over the expertise and questionnaires tab (which show rendered view of each of the templates for each position) to ensure they contain what you want the community to see. Please don't assume that everything is all right without looking. It's a good idea to give the secretariat and the tools team a heads up a few (preferably 3 to 5) days notice before announcing that your pages are ready for community use.
        </p>
    </div>
{% endblock %}